Posts

Showing posts from April, 2010

DoS with LIKE query

I was assessing an application. The application was properly sanitizing all the characters which have special meaning for SQL Injection attack. So SQL Injection was not possible in the application. But then again I came across few search modules in the application where it was taking input of part numbers to proceed.
I entered a single quote (') and the application filtered it perfectly, returning "Parts can't be found". Then, out of curiosity, I entered the '%' character and observed the response. Now the application got stuck in a loop, searching continuously. The two things I deduced from this:
1. The application was using LIKE query to search matching terms.
2. This can be used to perform a DoS by overloading the database.

The % and _ wildcards are often overlooked by developers when filtering input, as they are not as devastating as other characters. In a LIKE pattern they match zero or more characters and exactly one character respectively, so an unescaped % turns a lookup for one part number into a scan that matches every row.

$searhterm = mysql_real_escape_string(“%…
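As an added example (not code from the original post), assuming a constructed SQLite table of part numbers: the helper escapes the LIKE metacharacters described above and the query declares the escape character with an ESCAPE clause, so a search term of % or _ is matched literally instead of matching every row. Quoting functions such as mysql_real_escape_string() do not do this on their own.

```python
import sqlite3

# Constructed sample catalogue of part numbers (assumption, not data from the post).
PARTS = ["AB-100", "AB-200", "XY_7", "100%", "ZZ-1"]


def escape_like(term: str, esc: str = "\\") -> str:
    """Escape LIKE metacharacters so the term is matched literally.

    The escape character itself is doubled first, then % and _ are
    prefixed with it. The query must declare the same character in
    an ESCAPE clause for this to take effect.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_parts(term: str, escape_wildcards: bool) -> list[str]:
    """Run a substring search for `term` over the sample parts table.

    With escape_wildcards=False the term is used as the post's vulnerable
    search did (bound as a parameter, but wildcards still interpreted).
    With escape_wildcards=True the wildcards are neutralised.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parts (number TEXT)")
    conn.executemany("INSERT INTO parts VALUES (?)", [(p,) for p in PARTS])
    if escape_wildcards:
        pattern = "%" + escape_like(term) + "%"
        sql = "SELECT number FROM parts WHERE number LIKE ? ESCAPE '\\'"
    else:
        pattern = "%" + term + "%"
        sql = "SELECT number FROM parts WHERE number LIKE ?"
    rows = conn.execute(sql, (pattern,)).fetchall()
    conn.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    print(search_parts("%", escape_wildcards=False))  # every row matches
    print(search_parts("%", escape_wildcards=True))   # only the literal '100%'
```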

Secure Network Architecture Design

A few days ago I was going through an article on "Managing Network Security". Although it was a bit technical, it presented some fundamental ideas about designing a secure network architecture for an organization. I just picked up the easy-to-grasp points from the article and left out the detailed, technical ones.
Design a secure network architecture:

1. Make sure hosts are not permitted to access the Internet directly. They should access it through content filtering proxies capable of scanning the packets for malicious code. If they need to be connected by a NAT rule on the firewall, ensure that the necessary network and security controls (such as desktop firewall, antivirus and antispyware tools) are present on the host.

2. All emails should pass through a secure mail gateway that is capable of filtering email threats.

3. Implement strong authentication for accessing networked resources.

4. Host hardening lowers the chances of system compromise or exploitation. Stick to best practices of sys…

Unknown Root Certificate Authority in Firefox - Miscommunication Drama

Mozilla has detected that an unknown root certificate named "RSA Security 1024 V3" is installed in the Firefox browser and that its owner is unknown. Even RSA has denied holding anything like the current certificate. Kathleen Wilson has given these details of the certificate and has recommended removing it from NSS, where all trusted certificates are maintained:
OU = RSA Security 1024 V3
O = RSA Security Inc
Valid From: 2/22/01
Valid To: 2/22/26
SHA1 Fingerprint:
3C:BB:5D:E0:FC:D6:39:7C:05:88:E5:66:97:BD:46:2A:BD:F9:5C:76


In the first communication, RSA said that it doesn't own this root. As per Kathleen:

"…I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root. Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS."

Mozilla now says it has received official word from RSA that they do in fact own the root CA. Kathleen says:

"An offici…

COM Parsing

I came across a very good post about a tool for COM parsing. This tool parses the type library info of the ActiveX file and gets all the interfaces, the members within each interface, and their addresses in the DLL file.

More information: http://ronniereverseengineering.blogspot.com/2010/03/com-vftable-parser.html